From c56f5e11ca2748c700ba37e7d5a26955403d91bb Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 12 Mar 2018 08:28:21 +0100
Subject: [PATCH] smb2: log share type
---
 rust/src/smb/log.rs | 9 +++++++++
 rust/src/smb/smb.rs | 2 ++
 rust/src/smb/smb2.rs | 1 +
 3 files changed, 12 insertions(+)
diff --git a/rust/src/smb/log.rs b/rust/src/smb/log.rs
index 92d390b35b..bc2c6c6b1b 100644
--- a/rust/src/smb/log.rs
+++ b/rust/src/smb/log.rs
@@ -246,6 +246,15 @@ fn smb_common_header(state: &SMBState, tx: &SMBTransaction) -> Json
 jsd.set_string("response", &serv);
 }
 js.set("service", jsd);
+
+ // share type only for SMB2
+ } else {
+ match x.share_type {
+ 1 => { js.set_string("share_type", "FILE"); },
+ 2 => { js.set_string("share_type", "PIPE"); },
+ 3 => { js.set_string("share_type", "PRINT"); },
+ _ => { js.set_string("share_type", "UNKNOWN"); },
+ }
 }
 },
 Some(SMBTransactionTypeData::FILE(ref x)) => {
diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs
index 52bc3238e6..19535f2876 100644
--- a/rust/src/smb/smb.rs
+++ b/rust/src/smb/smb.rs
@@ -391,6 +391,7 @@ impl SMBTransactionNegotiate {
 #[derive(Debug)]
 pub struct SMBTransactionTreeConnect {
 pub is_pipe: bool,
+ pub share_type: u8,
 pub tree_id: u32,
 pub share_name: Vec,
@@ -403,6 +404,7 @@ impl SMBTransactionTreeConnect {
 pub fn new(share_name: Vec) -> SMBTransactionTreeConnect {
 return SMBTransactionTreeConnect {
 is_pipe:false,
+ share_type: 0,
 tree_id:0,
 share_name:share_name,
 req_service: None,
diff --git a/rust/src/smb/smb2.rs b/rust/src/smb/smb2.rs
index f1462c79ea..346c58b17c 100644
--- a/rust/src/smb/smb2.rs
+++ b/rust/src/smb/smb2.rs
@@ -646,6 +646,7 @@ pub fn smb2_response_record<'b>(state: &mut SMBState, r: &Smb2Record<'b>)
 let found = match state.get_treeconnect_tx(name_key) {
 Some(tx) => {
 if let Some(SMBTransactionTypeData::TREECONNECT(ref mut tdn)) = tx.type_data {
+ tdn.share_type = tr.share_type;
 tdn.is_pipe = is_pipe;
 tdn.tree_id = r.tree_id as u32;
 share_name = tdn.share_name.to_vec();
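Review bot: In the `match x.share_type` added to rust/src/smb/log.rs, the catch-all `_` arm logs "UNKNOWN" both for the initial 0 that `SMBTransactionTreeConnect::new` sets in smb.rs and for any out-of-range byte taken from the wire, so a log reader cannot tell a tree connect whose response was never recorded from one that carried an unexpected share type. I would skip the field while it is still unset with `0 => {},` and keep the raw number otherwise, e.g. `n => { js.set_string("share_type", &format!("UNKNOWN({})", n)); },`. The literals 1, 2 and 3 would also read better as named constants shared with the SMB2 parser. The `if` this `else` belongs to starts outside the hunk, so that the branch is reached only for SMB2 is taken from the comment alone.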
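Review bot: The new `pub share_type: u8` field in `SMBTransactionTreeConnect` (rust/src/smb/smb.rs, first hunk) has no doc comment, and its meaning can only be recovered from the `match` in log.rs. I would add `/// SMB2 share type copied from the tree connect response (1 file, 2 pipe, 3 print); 0 until smb2_response_record sets it` above the field. The same 0 is what the constructor hunk below assigns, so the comment covers both. The struct body continues outside the hunk.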